Viber for Android Security Risk Exposed

Bkav Corporation researchers recently uncovered a critical vulnerability in the Viber VoIP app for Android, which boasts more than 140 million users worldwide. The vulnerability makes it extremely easy for an attacker to bypass the smartphone’s lock screen (h/t Sophos).

According to the Bkav researchers, the procedure required to bypass the lock screen is simple. You send a Viber message to the victim’s phone, then leverage the Viber message popups to make the Viber keyboard appear. Once the keyboard is accessible, the next step varies by device — creating a missed call on the victim’s phone, pressing the Back button, etc. — and you have full access to the victim’s device.

“The way Viber handles to popup its messages on smartphones’ lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear,” Nguyen Minh Duc, director of Bkav’s Security Division, said in a statement.

The researchers say they reported the flaw to Viber last week, but didn’t receive a response. Until a patch is released, they recommend keeping a close eye on any smartphones that have the app installed.

Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.
